mis456 posted 29 May 2008

Just don't get scared. There's probably a lot of junk in there.

Logfile of Trend Micro HijackThis v2.0.2
[...]

//user asked to modify the content of his posts //vocativus
Mateusz J. commented 29 May 2008

O2 - BHO: (no name) - {06764C13-4AA9-4CF4-835C-236CB5F2E9BE} - C:\WINDOWS\system32\nvwss32.dll
Fix

O4 - Startup: Xfire.lnk = O:\xfire\xfire.exe
Do you have a drive O?

The junk didn't scare me. But maybe I'll get scared in a moment, when you show the log from ComboFix, which I'm now asking you for.
mis456 (Author) commented 29 May 2008

ComboFix 08-05-28.8 - Michal 2008-05-29 18:00:30.1 - NTFSx86
[...]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0bcdb10-7d6c-11dc-968b-00161796b4e6}]
\Shell\AutoRun\command - wjwcaowi.exe
\Shell\explore\Command - wjwcaowi.exe
\Shell\open\Command - wjwcaowi.exe
[...]
Mateusz J. commented 29 May 2008

A small infection from a USB flash drive. Paste into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File ==> Save as ==> Change the extension to All files ==> Save under the name FIX.REG

Run the created FIX.REG file, confirm adding it to the Registry, and restart the computer.

Do you have the CPU-Z program?
mis456 (Author) commented 29 May 2008

"Do you have the CPU-Z program?"
Of course I have it.

"A small infection from a USB flash drive."
Kaspersky was just flagging that something was on the flash drive and said it had removed it. Thanks!